Users, Roles, and Permissions

User Management

At a Glance

Cannabis dispensary user roles and permissions are built into every ShelfSpace portal
Retailer portal: Admin, Viewer, and Inventory roles
Vendor portal: Admin and Viewer roles
Invite users by email — they set up their own account and MFA
Access is scoped to specific locations for multi-store operators

Cannabis Dispensary User Roles and Permissions

Cannabis dispensary user roles and permissions in ShelfSpace control who on your team can see, edit, and approve actions across the platform. Every user gets a role when they are invited, and that role determines exactly what they can access. This keeps your financial data, vendor relationships, and payment workflows secure without slowing down day-to-day operations.

ShelfSpace uses role-based access control enforced at the database level through row-level security. This means permissions are not just UI restrictions — they are enforced on every data query. Even if someone tries to access a record through the API, the database rejects the request if their role does not permit it. See Security Overview for more on how we protect your data.

What we handle: We set up your initial admin accounts during onboarding. From there, your admins invite their own team members and assign roles. We manage the infrastructure; you manage your people.

Retailer Portal Roles

The retailer portal has three roles, each designed for a different function in your dispensary:

Retailer Admin — Full access to everything: settlements, payments, vendor management, credit memos, deliveries, insights, and user management. This is for owners, GMs, and finance leads.
Retailer Viewer — Read-only access to dashboards, reports, and delivery logs. Viewers can see data and download reports but cannot create payments, approve credit memos, or invite users. Good for accountants and consultants.
Retailer Inventory — Focused access for receiving staff. Can mark deliveries as received, upload documents, and add receiving notes. Cannot access financial data, payments, or vendor terms. Designed for your dock team.

Vendor Portal Roles

Vendors who connect with you through ShelfSpace get their own portal with two roles:

Vendor Admin — Can view settlements, download checks, respond to credit memos, manage their company profile, and invite other vendor users.
Vendor Viewer — Read-only access to payment history, settlement reports, and portal dashboards. Cannot take actions or respond to disputes.

Inviting Users

Admins invite new users by entering an email address and selecting a role. ShelfSpace sends an email invitation with a secure link. The invited user creates their account, sets a password, and configures multi-factor authentication. No admin intervention is needed after the invite is sent.

For multi-location operators, access can be scoped to specific locations. A receiving manager at your downtown location does not need to see delivery data for your north-side store. Location scoping keeps each team focused on their own operation while admins retain visibility across all locations.

Managing Access

Admins can change a user's role or remove their access at any time. When you remove a user, their account is soft-deleted — the audit trail preserves every action they took, but they can no longer log in or access any data. This is important for cannabis compliance, where regulators may ask who did what and when.

Ready for a free 60-day pilot? Let's talk.

Talk to Us

Free 60-day pilot. We handle setup.